Add white list two factor protection for eth relay module (#185)

Add white list two factor protection for eth relay module

node/cli/src/chain_spec.rs

@@ -200,6 +200,11 @@ pub fn darwinia_genesis(
 		]
 	});
 
+	let eth_relay_authorities: Vec<AccountId> = vec![
+		get_account_id_from_seed::<sr25519::Public>("Alice"),
+		get_account_id_from_seed::<sr25519::Public>("Bob"),
+	];
+
 	const ENDOWMENT: Balance = 1_000_000 * COIN;
 	const STASH: Balance = 100 * COIN;
 
@@ -263,7 +268,10 @@ pub fn darwinia_genesis(
 			slash_reward_fraction: Perbill::from_percent(10),
 			..Default::default()
 		}),
-		eth_relay: Some(EthRelayConfig { ..Default::default() }),
+		eth_relay: Some(EthRelayConfig { 
+			authorities: eth_relay_authorities,
+			..Default::default()
+		}),
 		eth_backing: Some(EthBackingConfig {
 			ring_redeem_address: hex!["dbc888d701167cbfb86486c516aafbefc3a4de6e"].into(),
 			kton_redeem_address: hex!["dbc888d701167cbfb86486c516aafbefc3a4de6e"].into(),

node/runtime/src/lib.rs

@@ -450,7 +450,7 @@ construct_runtime!(
 		Sudo: sudo,
 		Utility: utility::{Module, Call, Event},
 
-		EthRelay: eth_relay::{Module, Call, Storage, Event<T>, Config},
+		EthRelay: eth_relay::{Module, Call, Storage, Event<T>, Config<T>},
 		EthBacking: eth_backing,
 	}
 );

srml/eth-relay/src/lib.rs

@@ -7,7 +7,7 @@ use codec::{Decode, Encode};
 use rstd::{result, vec::Vec};
 use sr_primitives::RuntimeDebug;
 use support::{decl_event, decl_module, decl_storage, dispatch::Result, ensure, traits::Get};
-use system::ensure_signed;
+use system::{ensure_signed, ensure_root};
 
 use ethash::{EthereumPatch, LightDAG};
 use merkle_patricia_trie::{trie::Trie, MerklePatriciaTrie, Proof};
@@ -72,6 +72,9 @@ decl_storage! {
 
 //		pub HeaderForIndex get(header_for_index): map H256 => Vec<(u64, T::Hash)>;
 //		pub UnverifiedHeader get(unverified_header): map PrevHash => Vec<Header>;
+
+		pub CheckAuthorities get(fn check_authorities) config(): bool = true;
+		pub Authorities get(fn authorities) config(): Vec<T::AccountId>;
 	}
 	add_extra_genesis {
 		config(header): Option<Vec<u8>>;
@@ -98,7 +101,9 @@ decl_module! {
 
 		pub fn reset_genesis_header(origin, header: EthHeader, genesis_difficulty: u64) {
 			let relayer = ensure_signed(origin)?;
-			// TODO: Check authority
+			if Self::check_authorities() {
+				ensure!(Self::authorities().contains(&relayer), "Your account is not on the authorities!");
+			}
 
 			// TODO: Just for easy testing.
 			Self::init_genesis_header(&header, genesis_difficulty)?;
@@ -108,6 +113,9 @@ decl_module! {
 
 		pub fn relay_header(origin, header: EthHeader) {
 			let relayer = ensure_signed(origin)?;
+			if Self::check_authorities() {
+				ensure!(Self::authorities().contains(&relayer), "Your account is not on the authorities!");
+			}
 			// 1. There must be a corresponding parent hash
 			// 2. Update best hash if the current block number is larger than current best block's number （Chain reorg）
 
@@ -120,6 +128,9 @@ decl_module! {
 
 		pub fn check_receipt(origin, proof_record: EthReceiptProof) {
 			let relayer = ensure_signed(origin)?;
+			if Self::check_authorities() {
+				ensure!(Self::authorities().contains(&relayer), "Your account is not on the authorities!");
+			}
 
 			let verified_receipt = Self::verify_receipt(&proof_record)?;
 
@@ -133,6 +144,36 @@ decl_module! {
 			// if header confirmed then return
 			// if header in unverified header then challenge
 		}
+
+		pub fn add_authority(origin, who: T::AccountId) -> Result {
+			let _me = ensure_root(origin)?;
+
+			if !Self::authorities().contains(&who) {
+				<Authorities<T>>::mutate(|l| l.push(who));
+			}
+
+			Ok(())
+		}
+
+		pub fn remove_authority(origin, who: T::AccountId) -> Result {
+			let _me = ensure_root(origin)?;
+
+			if let Some(i) = Self::authorities()
+				.into_iter()
+				.position(|who_| who_ == who) {
+				<Authorities<T>>::mutate(|l| l.remove(i));
+			}
+
+			Ok(())
+		}
+
+		pub fn toggle_check_authorities(origin) -> Result {
+			let _me = ensure_root(origin)?;
+
+			CheckAuthorities::put(!Self::check_authorities());
+
+			Ok(())
+		}
 	}
 }